1. Technical Field
The present disclosure relates to the field of digital security, particularly digital security for devices in an online identity data update system using externally acquired identity data.
2. Background
The use and transfer of digital information has become important in many areas of life, including commerce, education, government, entertainment and management. In many of these areas, the ability to ensure the privacy, integrity and authenticity of information can be critical. As a result, several digital security mechanisms have been developed to improve security.
One approach to digital security involves provisioning network-enabled devices, such as PCs, mobile phones, routers, media players, set-top boxes and other devices, with identity data. Identity data provisioned on devices can allow the devices to communicate with other devices in a secure manner. Identity data can include digital keys and/or digital certificates that can describe the identity of a particular device, and/or allow that particular device to access a service or network. By way of a non-limiting example, digital keys, such as key pairs of public and private keys, as well as digital certificates, can be used to identify, authenticate, and/or communicate with a particular device in a Public Key Infrastructure (PKI) system in a secure manner.
Some existing systems allow identity data to be provisioned on devices before and/or after they are deployed in the field. For example, identity data can be incorporated into a device in a factory during or after manufacture of the device, and/or the identity data can be provisioned or updated in a device after the device has left the factory. By way of a non-limiting example, a large-scale upgrade of many devices can occur when a network operator desires to replace its Digital Rights Management (DRM) system or when it wants to support other security applications that require the devices to be provisioned with new types of identity data after the devices have been deployed.
However, these existing systems often do not provide for obtaining new identity data for devices from an external trust authority, or do not provide for the external trust authority encrypting the new identity data with keys bound to particular component identifiers tied to individual components within the devices to be upgraded.